add missing CSP entries
paskal committed Jan 8, 2024
1 parent 2e11bb1 commit 3ed045c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion config/nginx/security_headers.conf
Expand Up @@ -17,4 +17,4 @@ add_header Strict-Transport-Security 'max-age=31536000; includeSubdomains; prelo
add_header Referrer-Policy same-origin;

# CSP header, built with https://addons.mozilla.org/en/firefox/addon/laboratory-by-mozilla/
add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://*.clickfraud.ru https://*.google.com https://*.google.ru https://analytics.bitrix.info https://api.clickfraud.dev https://fs-group.bitrix24.ru https://mc.yandex.com/ https://mc.yandex.md/ https://mc.yandex.ru/ https://stats.g.doubleclick.net; font-src 'self' data: https://fonts.bitrix24.ru https://yastatic.net https://dev.cdn-favor-group.ru https://static.cdn-favor-group.ru; frame-src 'self' https://yandex.ru https://mc.yandex.ru https://www.google.com; img-src 'self' data: blob: https://*.google.ru https://www.googletagmanager.com https://*.yandex.com https://*.yandex.com https://*.yandex.net https://*.yandex.ru https://counter.yadro.ru https://dev.cdn-favor-group.ru https://static.cdn-favor-group.ru; script-src 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.bitrix24.ru/css https://fs-group.bitrix24.ru/bitrix/js/crm/site/form/dist/ https://dev.cdn-favor-group.ru https://static.cdn-favor-group.ru; manifest-src 'self'; media-src 'none'; object-src 'none'; child-src https://www.google.com https://yandex.ru; worker-src 'none'; frame-ancestors 'self'; form-action 'self'; base-uri 'none'; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.clickfraud.ru https://cdn-ru.bitrix24.ru https://cdn.jsdelivr.net/npm/ https://cdnjs.cloudflare.com/ajax/libs/ https://core-renderer-tiles.maps.yandex.net https://dct.mango-office.ru https://enterprise.api-maps.yandex.ru/ https://fs-group.bitrix24.ru/bitrix/js/crm/site/form/dist/ https://mc.yandex.ru/metrika/tag.js https://widgets.mango-office.ru/widgets/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/ https://dev.cdn-favor-group.ru https://static.cdn-favor-group.ru; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.bitrix24.ru/css 
https://fs-group.bitrix24.ru/bitrix/js/crm/site/form/dist/ https://dev.cdn-favor-group.ru https://static.cdn-favor-group.ru; report-uri https://o4506532003840000.ingest.sentry.io/api/4506532009738240/security/?sentry_key=ef58566724eba7c9be0cf1a7fa561953; report-to {\"group\":\"default\",\"max_age\":10886400,\"endpoints\":[{\"url\":\"https://o4506532003840000.ingest.sentry.io/api/4506532009738240/security/?sentry_key=ef58566724eba7c9be0cf1a7fa561953\"}],\"include_subdomains\":true}" always;
add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://*.clickfraud.ru https://*.google.com https://*.google.ru https://analytics.bitrix.info https://api.clickfraud.dev https://fs-group.bitrix24.ru https://mc.yandex.com/ https://mc.yandex.md/ https://mc.yandex.ru/ https://stats.g.doubleclick.net; font-src 'self' data: https://fonts.bitrix24.ru https://yastatic.net https://dev.cdn-favor-group.ru https://static.cdn-favor-group.ru; frame-src 'self' https://yandex.ru https://mc.yandex.ru https://www.google.com https://www.youtube.com/embed/ https://www.1tv.ru/embed/ https://static.1tv.ru/eump/embeds/; img-src 'self' data: blob: https://*.google.ru https://www.googletagmanager.com https://*.yandex.com https://*.yandex.com https://*.yandex.net https://*.yandex.ru https://counter.yadro.ru https://dev.cdn-favor-group.ru https://static.cdn-favor-group.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clickfraud.ru https://cdn-ru.bitrix24.ru https://cdn.jsdelivr.net/npm/ https://cdnjs.cloudflare.com/ajax/libs/ https://core-renderer-tiles.maps.yandex.net https://dct.mango-office.ru https://enterprise.api-maps.yandex.ru/ https://fs-group.bitrix24.ru/bitrix/js/crm/site/form/dist/ https://mc.yandex.ru/metrika/tag.js https://widgets.mango-office.ru/widgets/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/ https://dev.cdn-favor-group.ru https://static.cdn-favor-group.ru https://yastatic.net/share2/share.js; style-src 'self' 'unsafe-inline' https://fonts.bitrix24.ru/css https://fs-group.bitrix24.ru/bitrix/js/crm/site/form/dist/ https://dev.cdn-favor-group.ru https://static.cdn-favor-group.ru; manifest-src 'self'; media-src 'none'; object-src 'none'; child-src https://www.google.com https://yandex.ru; worker-src 'none'; frame-ancestors 'self'; form-action 'self'; base-uri 'none'; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; 
report-uri https://o4506532003840000.ingest.sentry.io/api/4506532009738240/security/?sentry_key=ef58566724eba7c9be0cf1a7fa561953; report-to {\"group\":\"default\",\"max_age\":10886400,\"endpoints\":[{\"url\":\"https://o4506532003840000.ingest.sentry.io/api/4506532009738240/security/?sentry_key=ef58566724eba7c9be0cf1a7fa561953\"}],\"include_subdomains\":true}" always;
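Review bot: The `report-to` directive at the end of the policy is given the JSON endpoint definition, but inside Content-Security-Policy it takes only a group name; the JSON belongs in a separate `Report-To` response header. Browsers that implement `report-to` prefer it over `report-uri`, so with a group they cannot resolve they may send no violation reports at all, which would silently blind the Sentry reporting this header sets up. I would end the policy with `report-to default` and add `add_header Report-To '{"group":"default","max_age":10886400,"endpoints":[{"url":"<same Sentry security endpoint>"}],"include_subdomains":true}' always;` next to it. Separately, the line I take to be the new side (the +/- markers are lost on this page; it is the one carrying the youtube/1tv frame sources) now puts `'unsafe-inline'` and `'unsafe-eval'` directly in `script-src` alongside whole public CDN paths, so the policy offers little protection against injected script; nonces or hashes for the inline blocks would let `'unsafe-inline'` be dropped.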
